What does a scam email look like? 5 types to watch out for

A study carried out by one of our software partners, KnowBe4, revealed the top reasons we are likely to click on scam/phishing emails.

What is a phishing email?

A phishing email is an email sent under a fake address attempting to impersonate an individual or organisation.

The aim is to lure a user into clicking on it and so potentially compromising the security of their system. This can happen by opening a malicious link or by unwittingly handing the phisher confidential information such as password details.

The test

The test, which was sent to approximately 6 million users, showed that we are more likely to click on emails containing information relating to money or offering free items.

Fake emails which proved most popular and to which users were most susceptible related to promises of money or posed the risk of losing it.

Second to these were emails which aroused the fear of missing out on an offer or opportunity. This includes free food or drinks, or curiosity-based requests such as new contacts or photo tags.

Subject lines pertaining to “Unusual sign-in activity” and other such notifications received attention from users. This is attributed to the ‘knee-jerk reaction’ to seeing a familiar company or request in an email.

For example, requests that supposedly came via social media networks such as LinkedIn were the most convincing.

LinkedIn connection requests, new messages and password reset emails were able to get 53% of those in the test to click on the bait.

What are the types of phishing emails?

1. Deceptive phishing

This is when hackers imitate a legitimate company in an attempt to access personal information such as login credentials or bank account details.

They will often ask you to click a link to verify an account or make a payment.

When watching out for this kind of attack you should pay close attention to:

the wording and grammar of emails

the address the email has come from

the details of the URL it is trying to send you to

Often small mistakes, such as spelling errors, will give away that this email does not come from a genuine source.

2. Spear phishing

Spear phishing is when emails are tailored to the individual they are targeted at.

The tone and message are personalised to lure the target in. They will use information such as name, position, company and work phone number which they can usually access online.

The goal is the same as with deceptive phishing: to entice the user to click on a link and, by doing so, unwittingly give up personal information.

Think about what information is visible on your public LinkedIn or Facebook profile. Hackers will be able to access this information and use it to try and dupe you or others around you.

Social media networks such as LinkedIn are popular for businesses. We welcome familiar emails in our inbox from these organisations and mostly trust what they tell us to do.

If an email comes in that differs from the usual style you receive, or makes a request that is out of the ordinary, it is best to exercise caution and check carefully whether it is genuine.

3. CEO fraud/whaling

This highly targeted form of attack relies on gaining some insight into the contact details of the CEO and their style of writing in emails.

The example below shows the supposed CEO telling his colleague to email him rather than speak with him on the phone. This should raise red flags if it’s not something your CEO would normally say.

Also, if they don’t normally email you about financial matters, but they are now, that should be another red flag.

Often a CEO might not undergo security awareness training with the rest of the staff. However, it is important to make sure that all staff, including senior management, undergo training to prevent this from happening.

5. Dropbox/Google Docs phishing

As with other more targeted forms of attack, Dropbox phishing relies on users’ awareness of Dropbox and the trust individuals place in the service.

Similar attacks have been targeted at Google Docs and Google Drive users in the past.

It relies on the user clicking an “important” link in their inbox. This then sends them to a fake login page hosted, without the organisation's knowledge, on the genuine site.

When using file-sharing in the workplace we recommend you adopt Two-Factor Authentication (2FA). This adds an additional layer of security and is easy for employees to use once in place.

“Once more relying on our trust and recognition for certain brands, this highlights the significance of social engineering in all of these attacks.”